On Fri, Oct 10, 2014 at 12:28 AM, Tom Yu <t...@mit.edu> wrote: > Natxo Asenjo <natxo.ase...@gmail.com> writes: > >> When implementing rsyslog with gssapi >> (http://www.rsyslog.com/doc/gssapi.html) I came accross the issue >> that the rsyslog software expects the credentials cache of the host >> principal in /tmp/krb5cc_0; the centos 6.5 hosts joined to a freeipa >> kerberos domain save that to /var/tmp/host_0 . > > /var/tmp/host_0 looks more like a replay cache (rcache) filename to me. > Are you seeing this on the rsyslog server or the rsyslog client?
I think you are correct. When looking at that file I see my kerberos principal named a few times with this type of strings: HASH:lotsofhex, so this looks like one of those files. >> I tried setting this: >> >> KRB5CCNAME='/var/tmp/host_0' >> >> or variations on that (double inverted comma's, no comma's) in >> /etc/sysconfig/rsyslog which is the place where one expect to declare >> such a variable in redhat/centos systems because that file is sourced >> by the init scrip of rsyslog. But unfortunately rsyslog kept >> requesting the /tmp/krb5cc_0 file. > > What error messages did you see? Is this on the client or the server? This is on the client. The messages I get on the client: Oct 13 13:47:19 host rsyslogd-2024: GSS-API Context initialization failed [try http://www.rsyslog.com/e/2024 ] Oct 13 13:47:19 host rsyslogd: GSS-API error initializing context: Unspecified GSS failure. Minor code may provide more information Oct 13 13:47:19 host rsyslogd: GSS-API error initializing context: Credentials cache file '/tmp/krb5cc_0' not found Thanks, -- Groeten, natxo ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
